Privacy Policy

Last updated: January 2025

1. Introduction

SmartSource ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Clinical Trial Management System.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly, including:

  • Name and contact information (email address, phone number)
  • Professional credentials and qualifications
  • Organization and site affiliation
  • Job title and role within clinical trials
  • Electronic signature data

2.2 Clinical Trial Data

The Service processes clinical trial data including:

  • Study protocols and documentation
  • Site information and regulatory documents
  • Delegation of Authority records
  • Training and certification records
  • Audit trail information

2.3 Usage Information

We automatically collect:

  • Login timestamps and session information
  • IP addresses and device information
  • Browser type and operating system
  • Actions performed within the system (for audit purposes)

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Authenticate users and manage access controls
  • Generate audit trails for regulatory compliance
  • Send system notifications and updates
  • Provide technical support
  • Improve and optimize the Service
  • Comply with legal and regulatory requirements

4. Data Protection and Security

We implement robust security measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Role-based access controls
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Secure data centers with physical access controls
  • Automated backup and disaster recovery systems

5. Regulatory Compliance

Our data handling practices are designed to comply with:

  • 21 CFR Part 11: Electronic records and signatures
  • HIPAA: Protection of health information
  • GDPR: European data protection requirements
  • ICH E6(R2): Good Clinical Practice guidelines
  • ALCOA+: Data integrity principles

6. Data Retention

We retain data in accordance with regulatory requirements for clinical trials:

  • Clinical trial records are retained for the duration required by applicable regulations (typically 15+ years)
  • Audit trails are maintained indefinitely as required by 21 CFR Part 11
  • User account information is retained while the account is active and for a reasonable period thereafter

7. Data Sharing and Disclosure

We may share your information with:

  • Your Organization: Administrators within your organization have access to user data as defined by their roles
  • Service Providers: Trusted third parties who assist in operating the Service
  • Regulatory Authorities: When required by law or during regulatory inspections
  • Legal Requirements: When necessary to comply with legal obligations

We do not sell your personal information to third parties.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data (subject to regulatory retention requirements)
  • Object to certain processing activities
  • Data portability
  • Withdraw consent where applicable

Note: Some rights may be limited due to regulatory requirements for clinical trial data retention.

9. Cookies and Tracking

We use essential cookies for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled. We do not use third-party advertising or tracking cookies.

10. International Data Transfers

If your data is transferred to servers located outside your country, we ensure appropriate safeguards are in place, including standard contractual clauses and compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of material changes through the Service or via email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your data rights, please contact our Data Protection Officer:

Email: privacy@smartsource.com
Address: SmartSource Inc., Data Protection Office